Data Privacy Protecting the right to data privacy is fundamental to maintaining the trust of Ziff Davis’ customers, readers, subscribers, suppliers and employees. Ziff Davis is committed to implementing leading data protection standards by: Adopting significant governance measures, corporate policies and operating procedures to do so. Abiding by “privacy by default” and “privacy by design,” and conducting privacy impact assessments for major new products, services and other offerings prior to their public launch. Leveraging organization-wide tools to document our data flows, managing data subject access rights and assessing data processing activities. Regularly reviewing our data collection and processing activities across Ziff Davis and its businesses to ensure data is collected lawfully and transparently. LEARN MORE Proactive Risk Management Ziff Davis maintains risk management programs consistent with the highest principles of ethics and integrity, to ensure compliance with applicable laws and regulations and to meet our commitments to widely accepted best practices for data privacy and security. Our Corporate Audit Services (CAS) enhances and protects our organizational value by providing risk-based and objective assurance, advice and insight. CAS reports to the Audit Committee of the Board and is responsible for providing independent assessments to the Committee, management, and outside parties on the adequacy and effectiveness of governance, risk management, and control processes for Ziff Davis. CAS is staffed by a team of auditors from across the organization with deep experience in information technology, data privacy, finance and operations. Data Privacy & Security Training Ziff Davis uses third party providers of educational material to maintain a regular calendar of mandatory employee training sessions for all employees, designed to educate them on sound Information Security and Data Protection practices. These trainings help alert our employees to the many warning signs of potentially malicious activity by bad actors intent on phishing, spear-phishing, deploying ransomware, etc. Employees are also educated on relevant security and privacy regulations, such as GDPR, CCPA, and PCI. Targeted training is given to certain departments or brands to fulfill any compliance obligations. Additionally, we randomly subject individual business units – and the company at large – to unannounced simulated phishing attacks, designed to test the ability of our workforce to use the training they’ve received to properly react to potential threats.